mirror of https://github.com/MISP/MISP
1019 lines
35 KiB
Markdown
1019 lines
35 KiB
Markdown
```bash
|
|
# <snippet-begin 0_support-functions.sh>
|
|
# Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default
|
|
DEBUG=
|
|
|
|
case "$-" in
|
|
*x*) NO_PROGRESS=1; DEBUG=1 ;;
|
|
*) NO_PROGRESS=0 ;;
|
|
esac
|
|
|
|
## Function Section ##
|
|
|
|
## Usage of this script
|
|
usage () {
|
|
if [ "$0" == "bash" ]; then
|
|
WEB_INSTALL=1
|
|
SCRIPT_NAME="Web Installer Command"
|
|
else
|
|
SCRIPT_NAME=$0
|
|
fi
|
|
|
|
exec &> /dev/tty
|
|
space
|
|
echo -e "Please specify what type of ${LBLUE}MISP${NC} setup you want to install."
|
|
space
|
|
echo -e "${SCRIPT_NAME} -c | Install ONLY ${LBLUE}MISP${NC} Core" # core
|
|
echo -e " -M | ${LBLUE}MISP${NC} modules" # modules
|
|
## FIXME: The current state of misp-dashboard is broken, disabling any use.
|
|
##echo -e " -D | ${LBLUE}MISP${NC} dashboard" # dashboard
|
|
## FIXME: The current state of Viper is broken, disabling any use.
|
|
##echo -e " -V | Viper" # viper
|
|
echo -e " -m | Mail 2 ${LBLUE}MISP${NC}" # mail2
|
|
echo -e " -S | Experimental ssdeep correlations" # ssdeep
|
|
echo -e " -A | Install ${YELLOW}all${NC} of the above" # all
|
|
space
|
|
echo -e " -C | Only do ${YELLOW}pre-install checks and exit${NC}" # pre
|
|
space
|
|
echo -e " -u | Do an unattended Install, no questions asked" # UNATTENDED
|
|
echo -e "${HIDDEN} -U | Attempt and upgrade of selected item${NC}" # UPGRADE
|
|
echo -e "${HIDDEN} -N | Nuke this MISP Instance${NC}" # NUKE
|
|
echo -e "${HIDDEN} -f | Force test install on current Ubuntu LTS schim, add -B for 18.04 -> 18.10, or -BB 18.10 -> 19.10)${NC}" # FORCE
|
|
echo -e "Options can be combined: ${SCRIPT_NAME} -c -D # Will install Core+Dashboard"
|
|
space
|
|
echo -e "Recommended is either a barebone MISP install (ideal for syncing from other instances) or"
|
|
echo -e "MISP + modules - ${SCRIPT_NAME} -c -M"
|
|
echo -e ""
|
|
echo -e ""
|
|
echo -e "Interesting environment variables that get considered are:"
|
|
echo -e ""
|
|
echo -e "MISP_USER/MISP_PASSWORD # Local username on machine, default: misp/opensslGeneratedPassword"
|
|
echo -e ""
|
|
echo -e "PATH_TO_MISP # Where MISP will be installed, default: /var/www/MISP (recommended)"
|
|
echo -e ""
|
|
echo -e "DBHOST/DBNAME # database hostname, MISP database name, default: localhost/misp"
|
|
echo -e "DBUSER_ADMIN/DBPASSWORD_ADMIN # MySQL admin user, default: root/opensslGeneratedPassword"
|
|
echo -e "DBUSER_MISP/DBPASSWORD_MISP # MISP database user, default: misp/opensslGeneratedPassword"
|
|
echo -e ""
|
|
echo -e "You need to export the variable(s) to be taken into account. (or specified in-line when invoking INSTALL.sh)"
|
|
space
|
|
}
|
|
|
|
# Check if element is contained in array
|
|
containsElement () {
|
|
local e match="$1"
|
|
shift
|
|
for e; do [[ "$e" == "$match" ]] && return 0; done
|
|
return 1
|
|
}
|
|
|
|
checkOpt () {
|
|
# checkOpt feature
|
|
containsElement $1 "${options[@]}"
|
|
}
|
|
|
|
setOpt () {
|
|
options=()
|
|
for o in $@; do
|
|
case "$o" in
|
|
("-c") echo "core"; CORE=1 ;;
|
|
("-V") echo "viper"; VIPER=1 ;;
|
|
("-M") echo "modules"; MODULES=1 ;;
|
|
("-D") echo "dashboard"; DASHBOARD=1 ;;
|
|
("-m") echo "mail2"; MAIL2=1 ;;
|
|
("-S") echo "ssdeep"; SSDEEP=1 ;;
|
|
("-A") echo "all"; ALL=1 ;;
|
|
("-C") echo "pre"; PRE=1 ;;
|
|
("-U") echo "upgrade"; UPGRADE=1 ;;
|
|
("-N") echo "nuke"; NUKE=1 ;;
|
|
("-u") echo "unattended"; UNATTENDED=1 ;;
|
|
("-ni") echo "noninteractive"; NONINTERACTIVE=1 ;;
|
|
("-f") echo "force"; FORCE=1 ;;
|
|
(*) echo "$o is not a valid argument"; exit 1 ;;
|
|
esac
|
|
done
|
|
}
|
|
|
|
# check if command_exists
|
|
command_exists () {
|
|
command -v "$@" > /dev/null 2>&1
|
|
}
|
|
|
|
# TODO: fix os detection mess
|
|
# Try to detect what we are running on
|
|
checkCoreOS () {
|
|
# lsb_release can exist on any platform. RedHat package: redhat-lsb
|
|
LSB_RELEASE=$(which lsb_release > /dev/null ; echo $?)
|
|
APT=$(which apt > /dev/null 2>&1; echo -n $?)
|
|
APT_GET=$(which apt-get > /dev/null 2>&1; echo $?)
|
|
|
|
# debian specific
|
|
# /etc/debian_version
|
|
## os-release #generic
|
|
# /etc/os-release
|
|
|
|
# Redhat checks
|
|
if [[ -f "/etc/redhat-release" ]]; then
|
|
echo "This is some redhat flavour"
|
|
REDHAT=1
|
|
RHfla=$(cat /etc/redhat-release | cut -f 1 -d\ | tr '[:upper:]' '[:lower:]')
|
|
fi
|
|
}
|
|
|
|
# Extract debian flavour
|
|
checkFlavour () {
|
|
FLAVOUR=""
|
|
# Every system that we officially support has /etc/os-release
|
|
if [ -r /etc/os-release ]; then
|
|
FLAVOUR="$(. /etc/os-release && echo "$ID"| tr '[:upper:]' '[:lower:]')"
|
|
fi
|
|
|
|
case "${FLAVOUR}" in
|
|
ubuntu)
|
|
if command_exists lsb_release; then
|
|
dist_version="$(lsb_release --codename | cut -f2)"
|
|
fi
|
|
if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
|
|
dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
|
|
fi
|
|
;;
|
|
debian|raspbian)
|
|
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
|
|
case "$dist_version" in
|
|
10)
|
|
dist_version="buster"
|
|
;;
|
|
9)
|
|
dist_version="stretch"
|
|
;;
|
|
esac
|
|
;;
|
|
centos)
|
|
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
|
|
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
|
|
dist_version=${dist_version:0:1}
|
|
fi
|
|
echo "${FLAVOUR} support is experimental at the moment"
|
|
;;
|
|
rhel|ol|sles|fedora)
|
|
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
|
|
# FIXME: On fedora the trimming fails
|
|
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
|
|
dist_version=${dist_version:0:1} # Only interested about major version
|
|
fi
|
|
# FIXME: Only tested for RHEL 7 so far
|
|
echo "${FLAVOUR} support is experimental at the moment"
|
|
;;
|
|
*)
|
|
if command_exists lsb_release; then
|
|
dist_version="$(lsb_release --release | cut -f2)"
|
|
fi
|
|
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
|
|
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
|
|
fi
|
|
;;
|
|
esac
|
|
|
|
# FIXME: The below want to be refactored
|
|
if [ "${FLAVOUR}" == "ubuntu" ]; then
|
|
RELEASE=$(lsb_release -s -r)
|
|
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}"
|
|
else
|
|
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1}${NC}"
|
|
fi
|
|
}
|
|
|
|
|
|
# Check if this is a forked Linux distro
|
|
check_forked () {
|
|
# Check for lsb_release command existence, it usually exists in forked distros
|
|
if command_exists lsb_release; then
|
|
# Check if the `-u` option is supported
|
|
set +e
|
|
lsb_release -a -u > /dev/null 2>&1
|
|
lsb_release_exit_code=$?
|
|
set -e
|
|
|
|
# Check if the command has exited successfully, it means we're in a forked distro
|
|
if [ "$lsb_release_exit_code" = "0" ]; then
|
|
# Print info about current distro
|
|
cat <<-EOF
|
|
You're using '${FLAVOUR}' version '${dist_version}'.
|
|
EOF
|
|
# Get the upstream release info
|
|
FLAVOUR=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
|
|
dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')
|
|
|
|
# Print info about upstream distro
|
|
cat <<-EOF
|
|
Upstream release is '${FLAVOUR}' version '$dist_version'.
|
|
EOF
|
|
else
|
|
if [[ -r /etc/debian_version ]] && [[ "${FLAVOUR}" != "ubuntu" ]] && [[ "${FLAVOUR}" != "raspbian" ]]; then
|
|
# We're Debian and don't even know it!
|
|
FLAVOUR=debian
|
|
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
|
|
case "$dist_version" in
|
|
10)
|
|
dist_version="buster"
|
|
;;
|
|
9)
|
|
dist_version="stretch"
|
|
;;
|
|
8|'Kali Linux 2')
|
|
dist_version="jessie"
|
|
;;
|
|
esac
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
checkInstaller () {
|
|
# Workaround: shasum is not available on RHEL, only checking sha512
|
|
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]] || [[ "${FLAVOUR}" == "fedora" ]]; then
|
|
INSTsum=$(sha512sum ${0} | cut -f1 -d\ )
|
|
/usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha512 https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha512
|
|
chsum=$(cat /tmp/INSTALL.sh.sha512)
|
|
if [[ "${chsum}" == "${INSTsum}" ]]; then
|
|
echo "SHA512 matches"
|
|
else
|
|
echo "SHA512: ${chsum} does not match the installer sum of: ${INSTsum}"
|
|
# exit 1 # uncomment when/if PR is merged
|
|
fi
|
|
else
|
|
# TODO: Implement $FLAVOUR checks and install depending on the platform we are on
|
|
if [[ $(which shasum > /dev/null 2>&1 ; echo $?) -ne 0 ]]; then
|
|
checkAptLock
|
|
sudo apt install libdigest-sha-perl -qyy
|
|
fi
|
|
# SHAsums to be computed, not the -- notatiation is for ease of use with rhash
|
|
SHA_SUMS="--sha1 --sha256 --sha384 --sha512"
|
|
for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do
|
|
/usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum}
|
|
INSTsum=$(shasum -a ${sum} ${0} | cut -f1 -d\ )
|
|
chsum=$(cat /tmp/INSTALL.sh.sha${sum} | cut -f1 -d\ )
|
|
|
|
if [[ "${chsum}" == "${INSTsum}" ]]; then
|
|
echo "sha${sum} matches"
|
|
else
|
|
echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}"
|
|
echo "Delete installer, re-download and please run again."
|
|
exit 1
|
|
fi
|
|
done
|
|
fi
|
|
}
|
|
|
|
# Extract manufacturer
|
|
checkManufacturer () {
|
|
if [[ -z $(which dmidecode) ]]; then
|
|
checkAptLock
|
|
sudo apt install dmidecode -qy
|
|
fi
|
|
MANUFACTURER=$(sudo dmidecode -s system-manufacturer)
|
|
debug ${MANUFACTURER}
|
|
}
|
|
|
|
# Dynamic horizontal spacer if needed, for autonomeous an no progress bar install, we are static.
|
|
space () {
|
|
if [[ "$NO_PROGRESS" == "1" ]] || [[ "$PACKER" == "1" ]]; then
|
|
echo "--------------------------------------------------------------------------------"
|
|
return
|
|
fi
|
|
# Check terminal width
|
|
num=`tput cols`
|
|
for i in `seq 1 $num`; do
|
|
echo -n "-"
|
|
done
|
|
echo ""
|
|
}
|
|
|
|
# Spinner so the user knows something is happening
|
|
spin()
|
|
{
|
|
if [[ "$NO_PROGRESS" == "1" ]]; then
|
|
return
|
|
fi
|
|
spinner="/|\\-/|\\-"
|
|
while :
|
|
do
|
|
for i in `seq 0 7`
|
|
do
|
|
echo -n "${spinner:$i:1}"
|
|
echo -en "\010"
|
|
sleep 0.$i
|
|
done
|
|
done
|
|
}
|
|
|
|
# Progress bar
|
|
progress () {
|
|
progress=$[$progress+$1]
|
|
if [[ "$NO_PROGRESS" == "1" ]] || [[ "$PACKER" == "1" ]]; then
|
|
echo "progress=${progress}" > /tmp/INSTALL.stat
|
|
return
|
|
fi
|
|
bar="#"
|
|
|
|
# Prevent progress of overflowing
|
|
if [[ $progress -ge 100 ]]; then
|
|
echo -ne "##################################################################################################### (100%)\r"
|
|
return
|
|
fi
|
|
# Display progress
|
|
for p in $(seq 1 $progress); do
|
|
bar+="#"
|
|
echo -ne "$bar ($p%)\r"
|
|
done
|
|
echo -ne '\n'
|
|
echo "progress=${progress}" > /tmp/INSTALL.stat
|
|
}
|
|
|
|
# Check locale
|
|
checkLocale () {
|
|
debug "Checking Locale"
|
|
# If locale is missing, generate and install a common UTF-8
|
|
if [[ ! -f /etc/default/locale || $(wc -l /etc/default/locale| cut -f 1 -d\ ) -eq "1" ]]; then
|
|
checkAptLock
|
|
sudo DEBIAN_FRONTEND=noninteractive apt install locales -qy
|
|
sudo sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
|
|
sudo locale-gen en_US.UTF-8
|
|
sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8
|
|
fi
|
|
}
|
|
|
|
# Simple function to check command exit code
|
|
checkFail () {
|
|
# '-ne' checks for numerical differences, '==' used for strings
|
|
if [[ $2 -ne 0 ]]; then
|
|
echo "iAmError: $1"
|
|
echo "The last command exited with error code: $2"
|
|
exit $2
|
|
fi
|
|
}
|
|
|
|
ask_o () {
|
|
|
|
ANSWER=""
|
|
|
|
if [ -z "${1}" ]; then
|
|
echo "This function needs at least 1 parameter."
|
|
exit 1
|
|
fi
|
|
|
|
[ -z "${2}" ] && OPT1="y" || OPT1="${2}"
|
|
[ -z "${3}" ] && OPT2="n" || OPT2="${3}"
|
|
|
|
while true; do
|
|
case "${ANSWER}" in "${OPT1}" | "${OPT2}") break ;; esac
|
|
echo -e -n "${1} (${OPT1}/${OPT2}) "
|
|
read ANSWER
|
|
ANSWER=$(echo "${ANSWER}" | tr '[:upper:]' '[:lower:]')
|
|
done
|
|
|
|
}
|
|
|
|
clean () {
|
|
rm /tmp/INSTALL.stat
|
|
rm /tmp/INSTALL.sh.*
|
|
}
|
|
|
|
# Check if misp user is present and if run as root
|
|
checkID () {
|
|
debug "Checking if run as root and $MISP_USER is present"
|
|
if [[ $EUID -eq 0 ]]; then
|
|
echo "This script cannot be run as a root"
|
|
clean > /dev/null 2>&1
|
|
exit 1
|
|
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
|
if [[ "$UNATTENDED" != "1" ]]; then
|
|
echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' (y) or continue as $USER (n)? (y/n) "
|
|
read ANSWER
|
|
ANSWER=$(echo $ANSWER |tr '[:upper:]' '[:lower:]')
|
|
INSTALL_USER=${USER}
|
|
else
|
|
ANSWER="y"
|
|
fi
|
|
|
|
if [[ $ANSWER == "y" ]]; then
|
|
sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
|
|
echo $MISP_USER:$MISP_PASSWORD | sudo chpasswd
|
|
echo "User $MISP_USER added, password is: $MISP_PASSWORD"
|
|
elif [[ $ANSWER == "n" ]]; then
|
|
echo "Using $USER as install user, hope that is what you want."
|
|
echo -e "${RED}Adding $USER to groups $WWW_USER and staff${NC}"
|
|
MISP_USER=$USER
|
|
sudo adduser $MISP_USER staff
|
|
sudo adduser $MISP_USER $WWW_USER
|
|
else
|
|
echo "yes or no was asked, try again."
|
|
sudo adduser $MISP_USER staff
|
|
sudo adduser $MISP_USER $WWW_USER
|
|
exit 1
|
|
fi
|
|
else
|
|
echo "User ${MISP_USER} exists, skipping creation"
|
|
echo -e "${RED}Adding $MISP_USER to groups $WWW_USER and staff${NC}"
|
|
sudo adduser $MISP_USER staff
|
|
sudo adduser $MISP_USER $WWW_USER
|
|
fi
|
|
|
|
# FIXME: the below SUDO_CMD check is a duplicate from global variables, try to have just one check
|
|
# sudo config to run $LUSER commands
|
|
if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then
|
|
SUDO_CMD="sudo -H -u ${MISP_USER} -g staff"
|
|
else
|
|
SUDO_CMD="sudo -H -u ${MISP_USER}"
|
|
fi
|
|
|
|
}
|
|
|
|
# pre-install check to make sure what we will be installing on, is ready and not a half installed system
|
|
preInstall () {
|
|
# preInstall needs to be able to be called before ANY action. Install/Upgrade/AddTool
|
|
# Pre install wants to be the place too where the following is checked and set via ENV_VAR:
|
|
# Check if composer is installed and functioning
|
|
# Check if misp db is installed (API call would confirm that the DB indeed works)
|
|
# Check apache config (Maybe try to talk to the server via api, this would confirm quite a lot)
|
|
# Check if workers are running/installed, maybe kick them if they are not
|
|
# /var/www/MISP/app/Config/[bootstrap,databases,core,config].php exists
|
|
# /var/www/MISP perms are correct (for $SUDO_WWW useage)
|
|
#
|
|
|
|
# Check if $PATH_TO_MISP exists and is writable by $WWW_USER
|
|
[[ -d "$PATH_TO_MISP" ]] && PATH_TO_MISP_EXISTS=1 && echo "$PATH_TO_MISP exists"
|
|
|
|
# .git exists and git is working for $WWW_USER
|
|
[[ -d "$PATH_TO_MISP/.git" ]] && PATH_TO_GIT_EXISTS=1 && echo "$PATH_TO_MISP/.git exists" && cd $PATH_TO_MISP && $SUDO_WWW git status
|
|
|
|
# .gnupg exists and working correctly
|
|
[[ -d "$PATH_TO_MISP/.gnupg" ]] && PATH_TO_GNUPG_EXISTS=1 && echo "$PATH_TO_MISP/.gnupg exists"
|
|
|
|
|
|
# Extract username, password and dbname
|
|
##cat database.php |grep -v // |grep -e database -e login -e password |tr -d \' |tr -d \ |tr -d , |tr -d \>
|
|
DBPASSWORD_MISP=$(cat database.php |grep -v // |grep -e password |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=)
|
|
DBUSER_MISP=$(cat database.php |grep -v // |grep -e login |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=)
|
|
DBNAME=$(cat database.php |grep -v // |grep -e database |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=)
|
|
AUTH_KEY=$(mysql -h $DBHOST --disable-column-names -B -u $DBUSER_MISP -p"$DBPASSWORD_MISP" $DBNAME -e 'SELECT authkey FROM users WHERE role_id=1 LIMIT 1')
|
|
|
|
# Check if db exists
|
|
[[ -d "/var/lib/mysql/$DBNAME" ]] && MISP_DB_DIR_EXISTS=1 && echo "/var/lib/mysql/$DBNAME exists"
|
|
|
|
echo -e "${RED}Place-holder, not implemented yet.${NC}"
|
|
exit
|
|
}
|
|
|
|
# Upgrade function
|
|
upgrade () {
|
|
headerJSON="application/json"
|
|
Acc="Accept:"
|
|
Autho="Authorization:"
|
|
CT="Content-Type:"
|
|
MISP_BASEURL="https://127.0.0.1"
|
|
${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar update ; php composer.phar self-update"
|
|
|
|
for URN in $(echo "galaxies warninglists noticelists objectTemplates taxonomies"); do
|
|
curl --header "$Autho $AUTH_KEY" --header "$Acc $headerJSON" --header "$CT $headerJSON" -k -X POST $MISP_BASEURL/$URN/update
|
|
done
|
|
|
|
echo -e "${RED}Place-holder, not implemented yet.${NC}"
|
|
exit
|
|
}
|
|
|
|
# check is /usr/local/src is RW by misp user
|
|
checkUsrLocalSrc () {
|
|
echo ""
|
|
if [[ -e /usr/local/src ]]; then
|
|
WRITEABLE=$(sudo -H -u $MISP_USER touch /usr/local/src 2> /dev/null ; echo $?)
|
|
if [[ "$WRITEABLE" == "0" ]]; then
|
|
echo "Good, /usr/local/src exists and is writeable as $MISP_USER"
|
|
else
|
|
# TODO: The below might be shorter, more elegant and more modern
|
|
#[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && echo "Just do it"
|
|
sudo chmod 2775 /usr/local/src
|
|
sudo chown root:staff /usr/local/src
|
|
fi
|
|
else
|
|
echo "/usr/local/src does not exist, creating."
|
|
mkdir -p /usr/local/src
|
|
sudo chmod 2775 /usr/local/src
|
|
# TODO: Better handling /usr/local/src permissions
|
|
if [[ "$(cat /etc/group |grep staff > /dev/null 2>&1)" == "0" ]]; then
|
|
sudo chown root:staff /usr/local/src
|
|
fi
|
|
fi
|
|
}
|
|
|
|
kaliSpaceSaver () {
|
|
# Future function in case Kali overlay on LiveCD is full
|
|
echo "${RED}Not implement${NC}"
|
|
}
|
|
|
|
# FIXME: Kali now uses kali/kali instead of root/toor
|
|
# Because Kali is l33t we make sure we DO NOT run as root
|
|
kaliOnTheR0ckz () {
|
|
totalRoot=$(df -k | grep /$ |awk '{ print $2 }')
|
|
totalMem=$(cat /proc/meminfo|grep MemTotal |grep -Eo '[0-9]{1,}')
|
|
overlay=$(df -kh |grep overlay; echo $?) # if 1 overlay NOT present
|
|
|
|
if [[ ${totalRoot} -lt 3059034 ]]; then
|
|
echo "(If?) You run Kali in LiveCD mode and we need more overlay disk space."
|
|
echo "This is defined by the total memory, you have: ${totalMem}kB which is not enough."
|
|
echo "6-8Gb should be fine. (need >3Gb overlayFS)"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ ${EUID} -eq 0 ]]; then
|
|
echo "This script must NOT be run as root"
|
|
exit 1
|
|
elif [[ $(id ${MISP_USER} >/dev/null; echo $?) -ne 0 ]]; then
|
|
sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff ${MISP_USER}
|
|
echo ${MISP_USER}:${MISP_PASSWORD} | sudo chpasswd
|
|
else
|
|
# TODO: Make sure we consider this further down the road
|
|
echo "User ${MISP_USER} exists, skipping creation"
|
|
fi
|
|
}
|
|
|
|
setBaseURL () {
|
|
debug "Setting Base URL"
|
|
|
|
CONN=$(ip -br -o -4 a |grep UP |head -1 |tr -d "UP")
|
|
IFACE=$(echo $CONN |awk {'print $1'})
|
|
IP=$(echo $CONN |awk {'print $2'}| cut -f1 -d/)
|
|
|
|
[[ -n ${MANUFACTURER} ]] || checkManufacturer
|
|
|
|
if [[ "${MANUFACTURER}" != "innotek GmbH" ]] && [[ "$MANUFACTURER" != "VMware, Inc." ]] && [[ "$MANUFACTURER" != "QEMU" ]]; then
|
|
debug "We guess that this is a physical machine and cannot reliably guess what the MISP_BASEURL might be."
|
|
|
|
if [[ "${UNATTENDED}" != "1" ]]; then
|
|
echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards."
|
|
echo "Do you want to change it now? (y/n) "
|
|
read ANSWER
|
|
ANSWER=$(echo ${ANSWER} |tr '[:upper:]' '[:lower:]')
|
|
if [[ "${ANSWER}" == "y" ]]; then
|
|
if [[ ! -z ${IP} ]]; then
|
|
echo "It seems you have an interface called ${IFACE} UP with the following IP: ${IP} - FYI"
|
|
echo "Thus your Base URL could be: https://${IP}"
|
|
fi
|
|
echo "Please enter the Base URL, e.g: 'https://example.org'"
|
|
echo ""
|
|
echo -n "Enter Base URL: "
|
|
read MISP_BASEURL
|
|
else
|
|
MISP_BASEURL='""'
|
|
fi
|
|
else
|
|
MISP_BASEURL="https://misp.local"
|
|
# Webserver configuration
|
|
FQDN='misp.local'
|
|
fi
|
|
elif [[ "${KALI}" == "1" ]]; then
|
|
MISP_BASEURL="https://misp.local"
|
|
# Webserver configuration
|
|
FQDN='misp.local'
|
|
elif [[ "${MANUFACTURER}" == "innotek GmbH" ]]; then
|
|
MISP_BASEURL='https://localhost:8443'
|
|
IP=$(ip addr show | awk '$1 == "inet" {gsub(/\/.*$/, "", $2); print $2}' |grep -v "127.0.0.1" |tail -1)
|
|
sudo iptables -t nat -A OUTPUT -p tcp --dport 8443 -j DNAT --to ${IP}:443
|
|
# Webserver configuration
|
|
FQDN='localhost.localdomain'
|
|
elif [[ "${MANUFACTURER}" == "VMware, Inc." ]]; then
|
|
MISP_BASEURL='""'
|
|
# Webserver configuration
|
|
FQDN='misp.local'
|
|
else
|
|
MISP_BASEURL='""'
|
|
# Webserver configuration
|
|
FQDN='misp.local'
|
|
fi
|
|
}
|
|
|
|
# Test and install software RNG
|
|
installRNG () {
|
|
sudo modprobe tpm-rng 2> /dev/null
|
|
if [ "$?" -eq "0" ]; then
|
|
echo tpm-rng | sudo tee -a /etc/modules
|
|
fi
|
|
checkAptLock
|
|
sudo apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS
|
|
sudo service rng-tools start
|
|
|
|
if [ "$?" -eq "1" ]; then
|
|
sudo apt purge -qy rng-tools
|
|
sudo apt install -qy haveged
|
|
sudo /etc/init.d/haveged start
|
|
fi
|
|
}
|
|
|
|
# Kali upgrade
|
|
kaliUpgrade () {
|
|
debug "Running various Kali upgrade tasks"
|
|
checkAptLock
|
|
sudo DEBIAN_FRONTEND=noninteractive apt update
|
|
sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y
|
|
sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
|
|
}
|
|
|
|
# Kali 2022.x has only php81
|
|
installDepsKaliPhp74 () {
|
|
sudo apt -y install lsb-release apt-transport-https ca-certificates
|
|
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
|
|
echo "deb https://packages.sury.org/php/ bullseye main" | sudo tee /etc/apt/sources.list.d/php.list
|
|
sudo apt update
|
|
wget http://ftp.us.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_amd64.deb
|
|
sudo dpkg -i libffi7_3.3-6_amd64.deb
|
|
}
|
|
|
|
# Disables sleep
|
|
disableSleep () {
|
|
debug "Disabling sleep etc if run from a Laptop as the install might take some time…" > /dev/tty
|
|
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null
|
|
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null
|
|
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type nothing 2> /dev/null
|
|
gsettings set org.gnome.desktop.screensaver lock-enabled false 2> /dev/null
|
|
gsettings set org.gnome.desktop.screensaver idle-activation-enabled false 2> /dev/null
|
|
|
|
setterm -blank 0 -powersave off -powerdown 0
|
|
xset s 0 0 2> /dev/null
|
|
xset dpms 0 0 2> /dev/null
|
|
xset dpms force off
|
|
xset s off 2> /dev/null
|
|
service sleepd stop
|
|
kill $(lsof | grep 'sleepd' | awk '{print $2}')
|
|
checkAptLock
|
|
}
|
|
|
|
# Remove alias if present
|
|
if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi
|
|
# Simple function to make sure APT is not locked
|
|
checkAptLock () {
|
|
SLEEP=3
|
|
if [[ -n ${APT_UPDATED} ]]; then
|
|
sudo apt update && APT_UPDATED=1
|
|
fi
|
|
while [ "$DONE" != "0" ]; do
|
|
sudo apt-get check 2> /dev/null > /dev/null && DONE=0
|
|
echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty
|
|
sleep $SLEEP
|
|
SLEEP=$[$SLEEP+3]
|
|
done
|
|
unset DONE
|
|
}
|
|
|
|
# <snippet-begin 0_installDepsPhp70.sh>
|
|
# Install Php 7.0 dependencies
|
|
installDepsPhp70 () {
|
|
debug "Installing PHP 7.0 dependencies"
|
|
PHP_ETC_BASE=/etc/php/7.0
|
|
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
|
checkAptLock
|
|
sudo apt install -qy \
|
|
libapache2-mod-php \
|
|
php php-cli \
|
|
php-dev \
|
|
php-json php-xml php-mysql php-opcache php-readline php-mbstring php-zip \
|
|
php-redis php-gnupg \
|
|
php-gd
|
|
|
|
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
|
do
|
|
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
|
done
|
|
sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI
|
|
sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI
|
|
}
|
|
# <snippet-end 0_installDepsPhp70.sh>
|
|
|
|
# <snippet-begin 0_installDepsPhp73.sh>
|
|
# Install Php 7.3 deps
|
|
installDepsPhp73 () {
|
|
debug "Installing PHP 7.3 dependencies"
|
|
PHP_ETC_BASE=/etc/php/7.3
|
|
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
|
checkAptLock
|
|
if [[ ! -n ${KALI} ]]; then
|
|
sudo apt install -qy \
|
|
libapache2-mod-php7.3 \
|
|
php7.3 php7.3-cli \
|
|
php7.3-dev \
|
|
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
|
php-redis php-gnupg \
|
|
php-gd
|
|
else
|
|
sudo apt install -qy \
|
|
libapache2-mod-php7.3 \
|
|
libgpgme-dev \
|
|
php7.3 php7.3-cli \
|
|
php7.3-dev \
|
|
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
|
php7.3-gd
|
|
sudo pecl channel-update pecl.php.net
|
|
#sudo pear config-set php_ini ${PHP_INI}
|
|
echo "" |sudo pecl install redis
|
|
sudo pecl install gnupg
|
|
echo extension=gnupg.so | sudo tee ${PHP_ETC_BASE}/mods-available/gnupg.ini
|
|
echo extension=redis.so | sudo tee ${PHP_ETC_BASE}/mods-available/redis.ini
|
|
fi
|
|
}
|
|
# <snippet-end 0_installDepsPhp73.sh>
|
|
|
|
# Installing core dependencies
|
|
installDeps () {
|
|
debug "Installing core dependencies"
|
|
checkAptLock
|
|
sudo apt install -qy etckeeper
|
|
# Skip dist-upgrade for now, pulls in 500+ updated packages
|
|
#sudo apt -y dist-upgrade
|
|
gitMail=$(git config --global --get user.email ; echo $?)
|
|
if [ "$?" -eq "1" ]; then
|
|
git config --global user.email "root@kali.lan"
|
|
fi
|
|
gitUser=$(git config --global --get user.name ; echo $?)
|
|
if [ "$?" -eq "1" ]; then
|
|
git config --global user.name "Root User"
|
|
fi
|
|
|
|
[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && sudo DEBIAN_FRONTEND=noninteractive apt install -qy postfix || sudo apt install -qy postfix
|
|
|
|
sudo apt install -qy \
|
|
curl gcc git gnupg-agent make openssl redis-server neovim unzip zip libyara-dev python3-yara python3-redis python3-zmq sqlite3 \
|
|
mariadb-client \
|
|
mariadb-server \
|
|
apache2 apache2-doc apache2-utils \
|
|
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
|
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools
|
|
|
|
installRNG
|
|
}
|
|
|
|
# On Kali, the redis start-up script is broken. This tries to fix it.
|
|
fixRedis () {
|
|
# As of 20190124 redis-server init.d scripts are broken and need to be replaced
|
|
sudo mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d`
|
|
|
|
echo '#! /bin/sh
|
|
### BEGIN INIT INFO
|
|
# Provides: redis-server
|
|
# Required-Start: $syslog
|
|
# Required-Stop: $syslog
|
|
# Should-Start: $local_fs
|
|
# Should-Stop: $local_fs
|
|
# Default-Start: 2 3 4 5
|
|
# Default-Stop: 0 1 6
|
|
# Short-Description: redis-server - Persistent key-value db
|
|
# Description: redis-server - Persistent key-value db
|
|
### END INIT INFO
|
|
|
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
|
DAEMON=/usr/bin/redis-server
|
|
DAEMON_ARGS=/etc/redis/redis.conf
|
|
NAME=redis-server
|
|
DESC=redis-server
|
|
PIDFILE=/var/run/redis.pid
|
|
|
|
test -x $DAEMON || exit 0
|
|
test -x $DAEMONBOOTSTRAP || exit 0
|
|
|
|
set -e
|
|
|
|
case "$1" in
|
|
start)
|
|
echo -n "Starting $DESC: "
|
|
touch $PIDFILE
|
|
chown redis:redis $PIDFILE
|
|
if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
|
|
then
|
|
echo "$NAME."
|
|
else
|
|
echo "failed"
|
|
fi
|
|
;;
|
|
stop)
|
|
echo -n "Stopping $DESC: "
|
|
if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
|
|
then
|
|
echo "$NAME."
|
|
else
|
|
echo "failed"
|
|
fi
|
|
rm -f $PIDFILE
|
|
;;
|
|
|
|
restart|force-reload)
|
|
${0} stop
|
|
${0} start
|
|
;;
|
|
*)
|
|
echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
exit 0' | sudo tee /etc/init.d/redis-server
|
|
sudo chmod 755 /etc/init.d/redis-server
|
|
sudo /etc/init.d/redis-server start
|
|
}
|
|
|
|
# generate MISP apache conf
|
|
genApacheConf () {
|
|
echo "<VirtualHost _default_:80>
|
|
ServerAdmin admin@localhost.lu
|
|
ServerName misp.local
|
|
|
|
Redirect permanent / https://misp.local
|
|
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/misp.local_error.log
|
|
CustomLog /var/log/apache2/misp.local_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<VirtualHost _default_:443>
|
|
ServerAdmin admin@localhost.lu
|
|
ServerName misp.local
|
|
DocumentRoot $PATH_TO_MISP/app/webroot
|
|
|
|
<Directory $PATH_TO_MISP/app/webroot>
|
|
Options -Indexes
|
|
AllowOverride all
|
|
Require all granted
|
|
Order allow,deny
|
|
allow from all
|
|
</Directory>
|
|
|
|
SSLEngine On
|
|
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
|
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
|
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
|
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/misp.local_error.log
|
|
CustomLog /var/log/apache2/misp.local_access.log combined
|
|
ServerSignature Off
|
|
Header set X-Content-Type-Options nosniff
|
|
Header set X-Frame-Options DENY
|
|
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-ssl.conf
|
|
}
|
|
|
|
# Add git pull update mechanism to rc.local - TODO: Make this better
|
|
gitPullAllRCLOCAL () {
|
|
sudo sed -i -e '$i \git_dirs="/usr/local/src/misp-modules /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
|
sudo sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
|
sudo sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
|
sudo sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
|
sudo sed -i -e '$i \done\n' /etc/rc.local
|
|
}
|
|
|
|
|
|
# Main composer function
|
|
composer () {
|
|
sudo mkdir -p /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
|
|
${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar install --no-dev"
|
|
}
|
|
|
|
|
|
# TODO: FIX somehow the alias of the function does not work
|
|
# Composer on php 7.0 does not need any special treatment the provided phar works well
|
|
alias composer70=composer
|
|
# Composer on php 7.2 does not need any special treatment the provided phar works well
|
|
alias composer72=composer
|
|
# Composer on php 7.3 does not need any special treatment the provided phar works well
|
|
alias composer73=composer
|
|
|
|
# TODO: this is probably a useless function
|
|
# Enable various core services
|
|
enableServices () {
|
|
sudo systemctl daemon-reload
|
|
sudo systemctl enable --now mysql
|
|
sudo systemctl enable --now apache2
|
|
sudo systemctl enable --now redis-server
|
|
}
|
|
|
|
# TODO: check if this makes sense
|
|
# Generate rc.local
|
|
genRCLOCAL () {
|
|
if [[ ! -e /etc/rc.local ]]; then
|
|
echo '#!/bin/sh -e' | tee -a /etc/rc.local
|
|
echo 'exit 0' | sudo tee -a /etc/rc.local
|
|
chmod u+x /etc/rc.local
|
|
fi
|
|
|
|
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
|
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
|
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
|
sudo sed -i -e '$i \[ -f /etc/init.d/firstBoot ] && bash /etc/init.d/firstBoot\n' /etc/rc.local
|
|
}
|
|
|
|
# Run PyMISP tests
|
|
runTests () {
|
|
echo "url = \"${MISP_BASEURL}\"
|
|
key = \"${AUTH_KEY}\"" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
|
|
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/
|
|
|
|
${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin main"
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
|
|
${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
|
|
}
|
|
|
|
# Nuke the install, meaning remove all MISP data but no packages, this makes testing the installer faster
|
|
nuke () {
|
|
echo -e "${RED}YOU ARE ABOUT TO DELETE ALL MISP DATA! Sleeping 10, 9, 8...${NC}"
|
|
sleep 10
|
|
sudo rm -rvf /usr/local/src/{misp-modules,viper,mail_to_misp,LIEF,faup}
|
|
sudo rm -rvf /var/www/MISP
|
|
sudo mysqladmin -h $DBHOST drop misp
|
|
sudo mysql -h $DBHOST -e "DROP USER misp@localhost"
|
|
}
|
|
|
|
# Final function to let the user know what happened
|
|
theEnd () {
|
|
space
|
|
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" |$SUDO_CMD tee /home/${MISP_USER}/mysql.txt
|
|
echo "User (misp) DB Password: $DBPASSWORD_MISP" |$SUDO_CMD tee -a /home/${MISP_USER}/mysql.txt
|
|
echo "Authkey: $AUTH_KEY" |$SUDO_CMD tee -a /home/${MISP_USER}/MISP-authkey.txt
|
|
|
|
# Commenting out, see: https://github.com/MISP/MISP/issues/5368
|
|
# clear -x
|
|
space
|
|
echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}"
|
|
echo
|
|
echo "User: admin@admin.test"
|
|
echo "Password: admin"
|
|
space
|
|
##[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && echo -e "${LBLUE}MISP${NC} Dashboard, access here: ${MISP_BASEURL}:8001"
|
|
##[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && space
|
|
##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-web installed, access here: ${MISP_BASEURL}:8888"
|
|
##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-cli configured with your ${LBLUE}MISP${NC} ${RED}Site Admin Auth Key${NC}"
|
|
##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo
|
|
##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "User: admin"
|
|
##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "Password: Password1234"
|
|
##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && space
|
|
echo -e "The following files were created and need either ${RED}protection or removal${NC} (${YELLOW}shred${NC} on the CLI)"
|
|
echo "/home/${MISP_USER}/mysql.txt"
|
|
echo -e "${RED}Contents:${NC}"
|
|
cat /home/${MISP_USER}/mysql.txt
|
|
echo "/home/${MISP_USER}/MISP-authkey.txt"
|
|
echo -e "${RED}Contents:${NC}"
|
|
cat /home/${MISP_USER}/MISP-authkey.txt
|
|
space
|
|
echo -e "The ${RED}LOCAL${NC} system credentials:"
|
|
echo "User: ${MISP_USER}"
|
|
echo "Password: ${MISP_PASSWORD} # Or the password you used of your custom user"
|
|
space
|
|
echo "GnuPG Passphrase is: ${GPG_PASSPHRASE}"
|
|
space
|
|
echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
|
|
echo
|
|
echo "sudo postconf -e 'relayhost = example.com'"
|
|
echo "sudo postfix reload"
|
|
space
|
|
echo -e "Enjoy using ${LBLUE}MISP${NC}. For any issues see here: https://github.com/MISP/MISP/issues"
|
|
space
|
|
if [[ "$UNATTENDED" == "1" ]]; then
|
|
echo -e "${RED}Unattended install!${NC}"
|
|
echo -e "This means we guessed the Base URL, it might be wrong, please double check."
|
|
space
|
|
fi
|
|
|
|
if [[ "$PACKER" == "1" ]]; then
|
|
echo -e "${RED}This was an Automated Packer install!${NC}"
|
|
echo -e "This means we forced an unattended install."
|
|
space
|
|
fi
|
|
|
|
if [[ "$USER" != "$MISP_USER" && "$UNATTENDED" != "1" ]]; then
|
|
sudo su - ${MISP_USER}
|
|
fi
|
|
}
|
|
# <snippet-end 0_support-functions.sh>
|
|
# <snippet-begin 0_installDepsPhp72.sh>
|
|
# Install Php 7.2 dependencies
|
|
installDepsPhp72 () {
|
|
debug "Installing PHP 7.2 dependencies"
|
|
PHP_ETC_BASE=/etc/php/7.2
|
|
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
|
checkAptLock
|
|
sudo apt install -qy \
|
|
libapache2-mod-php \
|
|
php php-cli \
|
|
php-dev \
|
|
php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring php-zip \
|
|
php-redis php-gnupg \
|
|
php-intl php-bcmath \
|
|
php-gd
|
|
|
|
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
|
do
|
|
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
|
done
|
|
sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI
|
|
sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI
|
|
}
|
|
## End Function Section Nothing allowed in .md after this line ##
|
|
# <snippet-end 0_installDepsPhp72.sh>
|
|
```
|